- Description
- Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-345
Today we published CVE-2025-53548 in response to a vulnerability in our verifyWebhook() helper. It advises those using this helper to upgrade their npm package. Customers we believe were using affected versions were notified yesterday, in advance of the public disclosure. We
@ClerkDev
9 Jul 2025